Search

A class action suit on behalf of as many as 168,500 patients of Los Angeles County medical facilities has been been filed against Sutherland Healthcare Solutions because of a breach their medical records.

Sutherland handles billing and collections for the county's Department of Health Services and the county's Department of Public Health. On Feb. 5 the company's Torrance office was broken into and computer equipment was stolen. "The computers contained patient data including patients' first and last names, Social Security numbers and certain medical and billing information, and may also have included birthdates, addresses and diagnoses," according to the Los Angeles Times.

"I'm not aware of another breach of this significance ever having occurred," Los Angeles County Assistant Auditor-Controller Robert Campbell told the Times. The auditor-controller's office oversees the county's compliance with federal medical privacy regulations.

The suit was filed by Los Angeles attorneys Genie Harrison and Lisa L. Maki on behalf of an unidentified woman referred to as A. Doe for privacy reasons. She seeks class action status to represent all the patents whose data was stolen. The lawyers have filed a claim against Los Angeles County and will amend the complaint to include the County in the suit if the claim is rejected. It also lists up to 20 still unknown potential defendants.

The suit charges that Sutherland was negligent in the way it handled the data and failed to encrypt the information while it was stored. It says the breach violated California's Confidentiality of Medical Information Act. The suit also alleges that the company did not notify patients of the breach in a timely fashion as is required by California Law. The burglary was on Feb. 5 and Sutherland didn't start notifying patients of the breach until March 6.

The suit says what Sutherland has done to offer relief to those affected is "woefully inadequate." It seeks damages, injunctive relief that would require Los Angeles County to have contractors implement data security procedures and adequate identity theft protection for the victims.